 

Get SSL Version used in HttpsURLConnection - Java

I am developing a Java agent to monitor HTTP communications happening in my application server. I would like to know the SSL version (SSLv3, TLS, etc.) used in outgoing HTTPS connections. Is there a way to get the SSL version by any means?

Adhi Avatar asked Nov 22 '14 08:11





1 Answer

I used this solution, maybe it can help you:

First you need an extension class of SSLSocketFactory to attach a HandshakeCompletedListener to the sockets created by the SSLSocketFactory: (inspired by How to override the cipherlist sent to the server by Android when using HttpsURLConnection?)

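import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class SecureSSLSocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;
    private HandshakeCompletedListener handshakeListener;

    public SecureSSLSocketFactory(
            SSLSocketFactory delegate, HandshakeCompletedListener handshakeListener) {
        this.delegate = delegate;
        this.handshakeListener = handshakeListener;
    }

    // Attach the listener (if any) to a socket created by the delegate.
    private Socket listen(Socket created) {
        if (null != this.handshakeListener && created instanceof SSLSocket) {
            ((SSLSocket) created).addHandshakeCompletedListener(this.handshakeListener);
        }
        return created;
    }

    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose)
            throws IOException {
        return listen(this.delegate.createSocket(s, host, port, autoClose));
    }

    // The other createSocket methods of SSLSocketFactory follow the same pattern.
    @Override
    public Socket createSocket(String host, int port) throws IOException {
        return listen(this.delegate.createSocket(host, port));
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
            throws IOException {
        return listen(this.delegate.createSocket(host, port, localHost, localPort));
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        return listen(this.delegate.createSocket(host, port));
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
            throws IOException {
        return listen(this.delegate.createSocket(address, port, localAddress, localPort));
    }

    @Override
    public String[] getDefaultCipherSuites() {
        // TODO: or your own preferences
        return this.delegate.getDefaultCipherSuites();
    }

    @Override
    public String[] getSupportedCipherSuites() {
        // TODO: or your own preferences
        return this.delegate.getSupportedCipherSuites();
    }
}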

Then you need an implementation of the HandshakeCompletedListener interface. You must implement the handshakeCompleted method:

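import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

public class MyHandshakeCompletedListener implements HandshakeCompletedListener {
    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        SSLSession session = event.getSession();
        String protocol = session.getProtocol();       // negotiated version, e.g. "TLSv1.2"
        String cipherSuite = session.getCipherSuite(); // negotiated cipher suite
        String peerName = null;

        try {
            peerName = session.getPeerPrincipal().getName();
        } catch (SSLPeerUnverifiedException e) {
            // The peer was not authenticated; peerName stays null.
        }

        // Report the values here (log them, hand them to the agent, ...).
        System.out.println(protocol + " " + cipherSuite + " " + peerName);
    }
}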

In handshakeCompleted you can get the protocol version (maybe TLSv1.2), and by the way also the information on cipher suite etc., that is also accessible via HttpsConnection. You can set the custom SSL socket factory via conn.setSSLSocketFactory before connect:

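import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;

// Method of the calling class; the imports above go at the top of its file.
private void setupAndConnect() throws IOException, GeneralSecurityException {
    URL url = new URL("https://host.dom/xyz");
    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(/*keyManagers*/null, /*trustManagers*/null, /*new SecureRandom()*/null);    // simple here

    conn.setSSLSocketFactory(new SecureSSLSocketFactory(sslContext.getSocketFactory(), new MyHandshakeCompletedListener()));

    // conn.set... /* set other parameters */
    conn.connect();
}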
hedoe Avatar answered Nov 15 '22 11:11

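For the monitoring use case in the question, the listener from the answer can grade each negotiated protocol instead of only reading it. The following is an added example, not code from the answer or its author: the class name TlsVersionAuditor, its record and findings helpers, the accepted/legacy policy sets and the sample host names are all assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLSession;

/** Hypothetical listener (not from the answer): records handshakes and grades the protocol. */
public class TlsVersionAuditor implements HandshakeCompletedListener {
    enum Verdict { OK, LEGACY, UNKNOWN }

    // Names as returned by SSLSession.getProtocol(); both sets are an assumed policy.
    private static final Set<String> ACCEPTED = new HashSet<>(Arrays.asList("TLSv1.2", "TLSv1.3"));
    private static final Set<String> LEGACY = new HashSet<>(Arrays.asList("SSLv3", "TLSv1", "TLSv1.1"));

    // Listeners are notified on a separate thread, so the log must be thread-safe.
    private final List<String> findings = new CopyOnWriteArrayList<>();

    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        SSLSession session = event.getSession();
        record(session.getPeerHost(), session.getPeerPort(),
                session.getProtocol(), session.getCipherSuite());
    }

    /** Grades one handshake and appends it to the log. */
    Verdict record(String host, int port, String protocol, String cipherSuite) {
        Verdict verdict = ACCEPTED.contains(protocol) ? Verdict.OK
                : LEGACY.contains(protocol) ? Verdict.LEGACY
                : Verdict.UNKNOWN; // anything unrecognised is surfaced, never assumed safe
        findings.add(verdict + " " + host + ":" + port + " " + protocol + " " + cipherSuite);
        return verdict;
    }

    List<String> findings() {
        return new ArrayList<>(findings);
    }

    public static void main(String[] args) {
        TlsVersionAuditor auditor = new TlsVersionAuditor();
        // Constructed sample values standing in for real handshakes.
        auditor.record("legacy.example", 443, "TLSv1", "TLS_RSA_WITH_AES_128_CBC_SHA");
        auditor.record("modern.example", 443, "TLSv1.3", "TLS_AES_128_GCM_SHA256");
        auditor.record("odd.example", 443, "NONE", "SSL_NULL_WITH_NULL_NULL");
        auditor.findings().forEach(System.out::println);
    }
}
```

To use it on live connections, pass an instance to SecureSSLSocketFactory in place of MyHandshakeCompletedListener and read findings() after the requests complete.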